cryptbot | fd35acf0672ad6b5036a431c4b547afce445abdb73a93e3fc8eb7da2f8ead2c0 | Triage

Submit
Reports

Overview

overview

Static

static

3

cb9e7782bc...6b.exe

windows7-x64

cb9e7782bc...6b.exe

windows10-2004-x64

Sharing

General

Target

0ef0fc7db1f5c0fee6d9c602c6c2b776.bin
Size

4.2MB
Sample

241208-bdcegstmbz
MD5

af3df9d81fb265bb35b65abd73e9398f
SHA1

149e8a3a717d38987aeab7e2a0cff447e0a09e62
SHA256

fd35acf0672ad6b5036a431c4b547afce445abdb73a93e3fc8eb7da2f8ead2c0
SHA512

b4dd3c82d1905297d3ce51acc0c5219c5d9d2d326dda32d65683833560699864203f6f779bfe58a006806261ba3d0a41a296bb3a384da1845795d2108630374a
SSDEEP

98304:u729ci0T9jYDnOAbc9Nql4BV9ZiSLxkyduDLpSIPJ0ojzi5IK:S296RMjEw4H98SUDLtJ0ozCJ

Score

10^/10

cryptbot discovery evasion spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

cb9e7782bc00b5e359e20bb42d798f052e6cca76b77c36c2fc8acde7e93b8d6b.exe

Resource

win7-20240903-en

cryptbot discovery evasion spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

cb9e7782bc00b5e359e20bb42d798f052e6cca76b77c36c2fc8acde7e93b8d6b.exe

Resource

win10v2004-20241007-en

cryptbot discovery evasion spyware stealer

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Extracted

Family

cryptbot

Targets

- Target
  
  cb9e7782bc00b5e359e20bb42d798f052e6cca76b77c36c2fc8acde7e93b8d6b.exe
- Size
  
  4.3MB
- MD5
  
  0ef0fc7db1f5c0fee6d9c602c6c2b776
- SHA1
  
  a845c9a05545dc0cfc42c2e1316e0bd535240265
- SHA256
  
  cb9e7782bc00b5e359e20bb42d798f052e6cca76b77c36c2fc8acde7e93b8d6b
- SHA512
  
  a3a171b2eaee101094f3c50b9f651336a277451020ce7da1690d52a08e42cc00fb12d4ac95f4f9c41fb9736ae510c24654493427d0907df39d9b39439f8bf530
- SSDEEP
  
  98304:2eMTr1N8AvrRZatKDIufQwt0Z2Z3OfdgQiqaePydaqh:2bn78waUDIm1OkZeHPJq/
Score

10^/10

cryptbot discovery evasion spyware stealer
- CryptBot
  CryptBot is a C++ stealer distributed widely in bundle with other software.
  spyware stealer cryptbot
- Cryptbot family
  cryptbot
- Enumerates VirtualBox registry keys
  evasion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Identifies Wine through registry keys
  Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
  evasion
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cryptbotdiscoveryevasionspywarestealer

behavioral2

cryptbotdiscoveryevasionspywarestealer

© 2018-2025

Terms | Privacy